Restrict Unix socket file ownership by default to ug=rw

* default mode is now 0660 & ~umask * chmod before chown: don't break apparmor profiles that didn't have `capability fowner` (which would be required now as chmod always triggers). This might lead to SUID and SGID bits getting cleared. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@59 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
8 years ago · 9108124842
3 changed files with 20 additions and 11 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ NEWS
 - 1.6.4 -
  * Use octal mode for -M (patch by dfjoerg)
  * Add -b backlog option (fixes #2422, patch by aschmitz)
+  * Restrict Unix socket file ownership by default to ug=rw

 - 1.6.3 - 2009-09-23
  * Fix unix socket mode change to work without specifying user/group for socket
--- a/spawn-fcgi.1
+++ b/spawn-fcgi.1
@ -82,7 +82,8 @@ Name of the PID file for spawned processes (ignored in no-fork mode)
 No forking should take place (for daemontools)
 .TP 8
 .B  \-M <mode>
-Change file mode of the Unix domain socket; only used if \-s is given too.
+Change file mode of the Unix domain socket (octal integer); only used if \-s is given too.
+Defaults to read+write for user and group (0660) as far as the umask allows it.
 .TP 8
 .B  \-?, \-h
 General usage instructions
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@ -79,7 +79,13 @@ static int issetugid() {

 #define CONST_STR_LEN(s) s, sizeof(s) - 1

-static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, int mode, int backlog) {
+static mode_t read_umask(void) {
+	mode_t mask = umask(0);
+	umask(mask);
+	return mask;
+}
+
+static int bind_socket(const char *addr, unsigned short port, const char *unixsocket, uid_t uid, gid_t gid, mode_t mode, int backlog) {
 	int fcgi_fd, socket_type, val;

 	struct sockaddr_un fcgi_addr_un;
@ -189,6 +195,13 @@ static int bind_socket(const char *addr, unsigned short port, const char *unixso
 	}

 	if (unixsocket) {
+		if (-1 == chmod(unixsocket, mode)) {
+			fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
+			close(fcgi_fd);
+			unlink(unixsocket);
+			return -1;
+		}
+
 		if (0 != uid || 0 != gid) {
 			if (0 == uid) uid = -1;
 			if (0 == gid) gid = -1;
@ -199,13 +212,6 @@ static int bind_socket(const char *addr, unsigned short port, const char *unixso
 				return -1;
 			}
 		}
-
-		if (-1 != mode && -1 == chmod(unixsocket, mode)) {
-			fprintf(stderr, "spawn-fcgi: couldn't chmod socket: %s\n", strerror(errno));
-			close(fcgi_fd);
-			unlink(unixsocket);
-			return -1;
-		}
 	}

 	if (-1 == listen(fcgi_fd, backlog)) {
@ -423,7 +429,8 @@ static void show_help () {
 		" -a <address>   bind to IPv4/IPv6 address (defaults to 0.0.0.0)\n" \
 		" -p <port>      bind to TCP-port\n" \
 		" -s <path>      bind to Unix domain socket\n" \
-		" -M <mode>      change Unix domain socket mode\n" \
+		" -M <mode>      change Unix domain socket mode (octal integer, default: allow\n" \
+		"                read+write for user and group as far as umask allows it) \n" \
 		" -C <children>  (PHP only) numbers of childs to spawn (default: not setting\n" \
 		"                the PHP_FCGI_CHILDREN environment variable - PHP defaults to 0)\n" \
 		" -F <children>  number of children to fork (default 1)\n" \
@ -453,7 +460,7 @@ int main(int argc, char **argv) {
 	char **fcgi_app_argv = { NULL };
 	char *endptr = NULL;
 	unsigned short port = 0;
-	int sockmode = -1;
+	mode_t sockmode =  (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) & ~read_umask();
 	int child_count = -1;
 	int fork_count = 1;
 	int backlog = 1024;